FusionAuth

How can I protect the FusionAuth admin screens from unauthorized access?

Q&A
admin ui security
  • D
    dan
    last edited by 8 Jun 2020, 21:04

    I'd like to prevent unauthorized users from ever seeing the FusionAuth admin screens. How can I do so?

    --
    FusionAuth - Auth so modern you can download it.
    https://fusionauth.io

    • D
      dan
      last edited by 8 Jun 2020, 21:07

      The way most of our clients handle this is by using proxy redirect rules. For example, if your service is available at https://auth.example.com then you would redirect https://auth.example.com/ to https://example.com to push the user back into the "user" space of your site. This would mean that if you have a FusionAuth admin, they would need to directly access the UI by navigating to https://auth.example.com/admin/.

      If you're already using a load balancer or a similar technology that provides routing rules, these are easy to configure.

      You can also use managed IP locking (limiting access to a certain set of IP addresses), or some other type of HTTP header on the request to limit access to the FusionAuth admin UI to authorized users and treat all other traffic to anything under /admin for end users as an invalid request. These types of solutions are best handled at the network layer or with a proxy.

      --
      FusionAuth - Auth so modern you can download it.
      https://fusionauth.io
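
The proxy rules described in the answer above, sketched as an nginx server block. This is an added example, not FusionAuth's own configuration or part of the original post. The hostnames follow the post; the backend address `127.0.0.1:9011`, the certificate paths, and the allowlisted range `203.0.113.0/24` are assumptions or constructed placeholders.

```nginx
# Added example. Assumes nginx terminates TLS directly in front of FusionAuth.
upstream fusionauth {
    server 127.0.0.1:9011;              # assumed FusionAuth backend address
}

server {
    listen 443 ssl;
    server_name auth.example.com;

    ssl_certificate     /etc/nginx/tls/auth.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/auth.example.com.key;   # placeholder path

    # Headers forwarded on every proxied request (inherited by the locations below).
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Exact match on the bare root: send visitors back to the user-facing site.
    location = / {
        return 302 https://example.com/;
    }

    # Admin UI: matches /admin and anything under /admin/, but not /administrator.
    # Regex locations win over the plain "/" prefix below.
    location ~ ^/admin(/|$) {
        allow 203.0.113.0/24;           # constructed example: office or VPN egress range
        deny  all;                      # every other source address receives 403
        proxy_pass http://fusionauth;
    }

    # All other paths are proxied unchanged for end users.
    location / {
        proxy_pass http://fusionauth;
    }
}
```

`allow`/`deny` evaluate the TCP peer address, so if another load balancer sits in front of nginx the rule sees that balancer's address; in that layout, apply the allowlist at the outermost hop or restore the client address with nginx's realip module, trusting only the balancer's own address.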
